A proxy mirror is a local mirror that does not sync the entire Fedora install tree. Instead, it serves files through a reverse caching proxy that connects to a public Fedora mirror and downloads files as needed, then serves them from the local machine once they have been cached. This is useful in several circumstances:
1. You don't have the disk space or bandwidth to set up a full mirror. 1. You are testing functionality of a local mirror environment before fully mirroring the Fedora tree. 1. You are setting up multiple targeted installations of Fedora (such as Web servers) that will be installing only a small subset of Fedora packages.
Installing Squid
First, install the squid package. Then create a new /etc/squid/squid.conf with the following:
http_port 3128 accel defaultsite=''mirror_hostname'' cache_peer ''mirror_hostname'' parent 80 0 no-query originserver http_access allow all cache_dir ufs /var/spool/squid 1024 16 256 maximum_object_size 524288 KB range_offset_limit -1 access_log /var/log/squid/access.log
Replace mirror_hostname with the hostname of your preferred Fedora mirror, such as download.fedora.redhat.com.
Once your configuration is saved, start Squid with service squid on.
Installing Apache
| However, you may find a Web server useful for serving local content relevant to your Fedora installations, such as Kickstart files. |
| You will also need a Web server if you later decide to convert to a full local mirror. |
| This guide will assume that you are installing the Apache Web server, to provide you the most flexibility later on. |
Install the httpd package. Now add the following to /etc/httpd/conf/httpd.conf:
ProxyPass /fedora/ http://localhost:3128/fedora
You will need to ensure that the path portion of the URL matches the path of the mirror you are proxying to. So if your chosen mirror keeps its Fedora tree in /pub/fedora, adjust the configuration appropriately:
ProxyPass /fedora/ http://localhost:3128/pub/fedora
Once your configuration is saved, start Apache with service httpd on.
SELinux
If you have SELinux enabled on your mirror server (and don't wish to disable it), you will need to grant Apache access to the Squid port. You can do this with the following policy:
module httpd_squid 1.0
require {
type httpd_t;
type http_cache_port_t;
class tcp_socket name_connect;
}
allow httpd_t http_cache_port_t:tcp_socket name_connect;
To install this policy, save the above to a file called httpd_squid.te, then run the following commands:
checkmodule -M -m -o httpd_squid.mod httpd_squid.te semodule_package -m httpd_squid.mod -o httpd_squid.pp semodule -i httpd_squid.pp
Using Your Proxy Mirror
To test your proxy mirror, point a Web browser to http://proxymirror/fedora/, and you should see the directory index from your selected Fedora mirror. You can now point local clients to the appropriate subdirectory, such as http://proxymirror/fedora/releases/9/Fedora/i386/os. Squid will download files as necessary, and serve local cached copies when available.
Converting To A Full Mirror
If, at a later point, you decide to create a full local Fedora mirror, simply remove the ProxyPass line from httpd.conf, and place your local mirror in /var/www/html/fedora. Your clients do not need to be reconfigured. You can also remove Squid and the SELinux policy.